Dramatic Increase in Infostealer Credential Robbery by 800%

In the rapidly evolving world of cybersecurity, the first half of 2025 has proven to be a challenging period, with a significant increase in data breaches and related cyber threats. Flashpoint, a leading threat intelligence firm, has released its Global Threat Intelligence Index: 2025 Midyear Edition, providing insights into these trends.

According to the report, a staggering 3104 data breaches were reported in the first six months of the year, compromising a total of 9.5 billion records. Unauthorized access accounts for nearly 78% of all reported data breach incidents, underscoring the urgent need for robust security measures.

The Identity Theft Resource Center (ITRC) has warned that 2025 is on track to become a record year for data breaches in the US. This trend is concerning as compromised credentials can give threat actors simple and covert access to corporate resources.

Security experts have also warned of a surge in identity-based attacks. Stolen data from data breaches is often extorted or listed for sale for financial gain. The volume of publicly available exploit code has increased by 179% since the start of the year, further fuelling these attacks.

The manufacturing, technology, and retail sectors have been the hardest hit by ransomware-related breaches, with percentages of 22%, 18%, and 13% respectively. Confirmed ransomware breaches have risen 179% since the start of the year. Over the past four months, data breaches surged by 235%.

The report noted that data breaches have been the source of continuous fuel for cybercrime activity. They serve as both the genesis and culmination of threat actor campaigns, providing attackers with various elements of personally identifiable information (PII).

In response to these threats, multi-factor authentication (MFA) has emerged as a potential solution. MFA can help protect accounts from unauthorised access, adding an extra layer of security.

The data for Flashpoint's report is based on over 3.6 petabytes of data analysed by the threat intelligence firm. Between January and June 2025, over 20,000 disclosed vulnerabilities were estimated, with 12,200 of these not appearing in the National Vulnerability Database (NVD). Nearly 7000 of these vulnerabilities have public exploits available.

The volume of disclosed vulnerabilities has grown by a staggering 246% since February 2025. In the first half of 2025, 1.8 billion credentials were stolen, an 800% increase compared to the previous six months.

As the cyber threat landscape continues to evolve, staying informed and taking proactive measures to protect sensitive data is more important than ever.